Fraud rules are rules that may be used to automatically detect fraudulent activity. For example, fraud rules may be used to determine if a payment transaction is fraudulent, or if a payment account has been compromised. Fraud rules may be evaluated at a payment account issuer, payment processing network, or merchant acquirer. If a fraudulent transaction is detected, it may be rejected, flagged for manual review, or approved.
Fraud rules are widely utilized, but existing techniques may have difficulty determining certain types of fraudulent activity. For example, fraudsters may use web robots (i.e., bots) or other programmatic techniques to rapidly crawl a merchant web site for security vulnerabilities. In addition, bots may be used to perform fraudulent activity at a large scale, such as by conducting payment transactions using tens or hundreds of stolen accounts in quick succession. Such fraudulent activity may be problematic for merchants.
Embodiments of the invention address these and other problems.